KeepassXC-Browser doesn't work out of the box

Whoooisssit · July 12, 2023, 1:47pm

KeepassXC-Browser is blocked by apparmor in Tor Browser.

This seems stupid especially since KeepassXC comes by default with Whonix.

I eventually got it working but it would be great if better minds than I could make it work without needing scary manual changes from the defaults.

I wrote about what I had to do to get it working at github Kicksecure apparmor-profile-torbrowser issues 14 (sorry not allowed to post URLs - guess I’m too new).

nurmagoz · July 12, 2023, 6:17pm

and it shouldnt work, integrating x add-on into TB will give changes that will effect the browser fingerprint thus it wont be support by default.

you can disable apparmor if that annoys, but there should be no upstream behavior change.

Whoooisssit · July 14, 2023, 5:47am

I just allowed the particular keepassxc-proxy executable to run in apparmor, so I didn’t disable apparmor completely.

Wait… so javascript can detect what plugins there are installed?

Eldricht · July 14, 2023, 11:00am

This is documented.

http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Tor_Browser#Non-default_Add-on_Risks

adamwebber2 · April 30, 2024, 11:57am

Keepassxc doesnt connect with torbrowser extension.

Working with whonix-17. All updated. Fresh install of keepassxc (sudo apt install keepassxc)
TorBrowser is also updated (13.0.14 (based on Mozilla Firefox 115.10.0esr).

Browser Integration is activated
Browser extension is installed

I’ve checked the troubleshooting guide of keepassxc but I dont know how to proceed further. So far I’ve done:
Troubleshooting point 1 done: Checked for the .json file and path-> all good.
Troubleshooting point 2 done: Checked for the .json path to keepassxs-proxy → all good

Troubleshooting point 3:
I did: “Use the following command: sudo strace -f -p $(pgrep firefox) 2>&1 | grep keepass”

Result:

[pid 18564] openat(AT_FDCWD, "/home/user/.tb/tor-browser/Browser/TorBrowser/Data/Browser/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json", O_RDONLY <unfinished ...>
[pid 18564] stat("/usr/bin/keepassxc-proxy",  <unfinished ...>
[pid 18564] stat("/usr/bin/keepassxc-proxy",  <unfinished ...>
[pid 18564] stat("/usr/bin/keepassxc-proxy",  <unfinished ...>
[pid 18564] stat("/usr/bin/keepassxc-proxy",  <unfinished ...>
[pid 18564] stat("/usr/bin/keepassxc-proxy",  <unfinished ...>
[pid 19060] execve("/usr/bin/keepassxc-proxy", ["/usr/bin/keepassxc-proxy", "/home/user/.tb/tor-browser/Brows"..., "keepassxc-browser@keepassxc.org"], 0x7ec6ea877800 /* 79 vars */ <unfinished ...>

Then I did: ps aux | grep keepassxc-proxy
Result:
user 19618 0.0 0.0 6468 2048 pts/2 S+ 13:47 0:00 grep --color=auto keepassxc-proxy

Would be great if someone can help me out here

Patrick · May 1, 2024, 1:44pm

Not a Whonix specific issue?

Try Linux (Debian) + Tor Browser (TB) + KeePassXC.

Needs to be resolved as per:

By asking TB and/or KeePassXC.

nurmagoz · May 1, 2024, 1:48pm

Simple answer: KeePassXC extension not supported

github.com/keepassxreboot/keepassxc

Problems with Tor Browser integration on Linux

opened 06:07PM - 15 Mar 24 UTC

o0nd7ots

bug feature: Browser

## Overview As of right now keepassxc assumes that the install is done either b…y the native package manager, or Flatpak and nothing else. When the install is done by the tor browser itself (or the launcher, they are equal here) the integration with the extension does not work. ## Cause & possible fix That is because there is no check to determine if the install has been done by the Tor thing. I do not know what would be a good way to do it. Maybe check if ` ~/.local/share/torbrowser/tbb/x86_64/tor-browser/Browser/TorBrowser/Data/Browser/profiles.ini` exists and adjusting the tor path prefix like in line 222: ```C++ if (browser == SupportedBrowsers::TOR_BROWSER) { basePath = QDir::homePath() + "/.local/share"; ``` ## Steps to Reproduce 1. Install Tor browser - as a native package and wait for the update - from the torbrowser-launcher 2. Install the keepassxc extension in the browser 3. Turn on the integration in KeePassXC ## Expected Behavior The browser plugin works. ## Actual Behavior KeePassXC puts the native.messaging.hosts ## Context - Distros update their TorBrowser slower than the Tor Project itself - some even prefer users to use the `torbrowser-launcher` bundle - Tor Browser autoupdates KeePassXC - 2.7.6 Operating System: Linux

QWerz · June 6, 2024, 11:06am

I did what I had to do from the blog, it was already installed. the browser extension gives an error.

keepassxc yubikey-personalization yubikey-personalization-gui

it was already installed but when I tried it anyway it gave me an error as not found.

QWerz · June 7, 2024, 4:56am

This fix CLICK

Patrick · June 7, 2024, 2:59pm

Extension Cannot Connect to KeePassXC - "Key Exchange Was Not Successful" · Issue #1399 · keepassxreboot/keepassxc-browser · GitHub is interesting.

Patrick · June 7, 2024, 3:38pm

Could you please contribute Whonix specific documentation here?
KeePassXC Browser Extension